4fc681a452986c48537e0762e260476f28a5898b546b886885e0bd7ccc64cb8e | Triage

Submit
Reports

Overview

overview

8

Static

static

4fc681a452...8e.exe

windows7-x64

8

4fc681a452...8e.exe

windows10-2004-x64

8

Sharing

General

Target

4fc681a452986c48537e0762e260476f28a5898b546b886885e0bd7ccc64cb8e
Size

255KB
Sample

221124-erxt5agc93
MD5

a26d1e125f18ab91ad5f4bf504f367b1
SHA1

e9436263d58b1fa3c1acf27ec1ec27beaa231c43
SHA256

4fc681a452986c48537e0762e260476f28a5898b546b886885e0bd7ccc64cb8e
SHA512

099a04f48ece693a939669ed04537fdadb0d3cc55cc93281cc1b8acd62f59986f6483b961b4917ef2585f13c6286717fb734b3f78bc440068655154063672255
SSDEEP

6144:7UnITMpSph0lMqqgWoDhujqcQQbxJhVGvkVbOcH4CIMk:7CQMY07qgWo6VVGvkVLAh

Score

8^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

4fc681a452986c48537e0762e260476f28a5898b546b886885e0bd7ccc64cb8e.exe

Resource

win7-20221111-en

persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

4fc681a452986c48537e0762e260476f28a5898b546b886885e0bd7ccc64cb8e.exe

Resource

win10v2004-20221111-en

persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  4fc681a452986c48537e0762e260476f28a5898b546b886885e0bd7ccc64cb8e
- Size
  
  255KB
- MD5
  
  a26d1e125f18ab91ad5f4bf504f367b1
- SHA1
  
  e9436263d58b1fa3c1acf27ec1ec27beaa231c43
- SHA256
  
  4fc681a452986c48537e0762e260476f28a5898b546b886885e0bd7ccc64cb8e
- SHA512
  
  099a04f48ece693a939669ed04537fdadb0d3cc55cc93281cc1b8acd62f59986f6483b961b4917ef2585f13c6286717fb734b3f78bc440068655154063672255
- SSDEEP
  
  6144:7UnITMpSph0lMqqgWoDhujqcQQbxJhVGvkVbOcH4CIMk:7CQMY07qgWo6VVGvkVLAh
Score

8^/10

persistence upx
- Modifies Installed Components in the registry
  persistence
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy